Bad Rabbit Targeted Ransomware Attack Is Bad News

It was reported yesterday that this year’s third major ransomware incident, dubbed Bad Rabbit, began infecting a number of ‘high profile’ targets throughout Russia and greater Eastern Europe; specifically, Poland, Germany, Ukraine, and South Korea. Based on the nature and characteristics of the attack, security experts are comparing it to the WannaCry and Petya ransomware outbreaks earlier this year.

Currently, the primary factors behind Bad Rabbit’s ability to spread are a disregard for end user awareness training and a failure to maintain a proactive network management plan. Most Bad Rabbit incidents involved end users clicking to download a fraudulent Adobe Flash update while browsing the web. These pop-ups impersonate Adobe and are not to be trusted. Once the user opens the update, Bad Rabbit is introduced to their network, creating a huge security vulnerability.

Our Recommendations

There are a few comforts to be had from all this, however. The first is that this appears to be a very targeted attack. Also, there have only been 200 reported incidents of Bad Rabbit, which seem isolated to those specific targets. You should also rest assured that as long as you are one of our Managed Service clients, your network is being patched each week to ensure you have the latest protections.

Organizations that implement a best-practices 3-2-1 backup solution and routinely run simulated scams against their employees to improve cybersecurity awareness should fare well through this next wave of attacks. Even in a worst-case scenario where an attack succeeds in tricking one of your users, you will be able to identify new areas to improve upon in your IRP (incident response plan). For additional insight on how the TSI team helps small businesses address today’s increasingly hostile cyber landscape, click here. You can also check out our vast Resource Library on the subject.

UPDATE 10/26:

It was recently announced that Bad Rabbit has hit the United States. Microsoft released a threat bulletin related to Bad Rabbit, which they call Ransom:Win32/Tibbar.A. In the release, they state that Windows Defender is capable of detecting the ransomware using the detection update 1.255.29.0 or higher. This is why updating Defender is so crucial. For all our Managed Service clients, the latest version has already been pushed through our agents, along with a long list of Windows patch deployments over the course of the last few days.
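
One way to confirm that an endpoint meets the Defender definition level named above, shown as an added example that is not part of the original post or of Microsoft's bulletin. The function name `Test-DefenderBaseline` and the report layout are assumptions made for this illustration; `Get-MpComputerStatus` is the standard Defender cmdlet.

```powershell
# Added example: verify Windows Defender definitions are at or above the
# version cited in the post (1.255.29.0). The function name and the output
# shape are hypothetical, chosen for this illustration.
function Test-DefenderBaseline {
    [CmdletBinding()]
    param(
        # Minimum definition version, taken from the post.
        [version]$MinimumSignatureVersion = '1.255.29.0',
        # Hosts to check; remote hosts need CIM/WinRM access. Default is local.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    foreach ($computer in $ComputerName) {
        $row = [ordered]@{
            ComputerName       = $computer
            SignatureVersion   = $null
            SignatureUpdated   = $null
            RealTimeProtection = $null
            MeetsBaseline      = $false
            Error              = $null
        }
        try {
            if ($computer -eq $env:COMPUTERNAME) {
                $status = Get-MpComputerStatus -ErrorAction Stop
            } else {
                $session = New-CimSession -ComputerName $computer -ErrorAction Stop
                try { $status = Get-MpComputerStatus -CimSession $session -ErrorAction Stop }
                finally { Remove-CimSession -CimSession $session }
            }
            # Cast to [version]: as plain strings, '1.255.100.0' sorts below
            # '1.255.29.0' and a newer definition set would be flagged as old.
            $current = [version]$status.AntivirusSignatureVersion
            $row.SignatureVersion   = $current
            $row.SignatureUpdated   = $status.AntivirusSignatureLastUpdated
            $row.RealTimeProtection = $status.RealTimeProtectionEnabled
            # Current definitions only help if the antivirus engine is enabled.
            $row.MeetsBaseline = $status.AntivirusEnabled -and ($current -ge $MinimumSignatureVersion)
        } catch {
            # Defender missing or replaced by another product, or host
            # unreachable: report the failure instead of assuming protection.
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

Test-DefenderBaseline | Format-Table -AutoSize
```

Hosts that report `MeetsBaseline` as `False` with no error can pull current definitions with `Update-MpSignature`; a populated `Error` column means Defender status could not be read on that host and needs a manual look.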